CVE-2017-2616 – util-linux: Sending SIGKILL to other processes with root privileges via su
https://notcve.org/view.php?id=CVE-2017-2616
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. Se ha encontrado una condición de carrera en util-linux en versiones anteriores a la 2.32.1 en la forma en la que "su" manejaba los procesos hijo. Un atacante local autenticado podría usar este defecto para matar otros procesos con privilegios de root bajo condiciones específicas. A race condition was found in the way su handled the management of child processes. • http://rhn.redhat.com/errata/RHSA-2017-0654.html http://www.securityfocus.com/bid/96404 http://www.securitytracker.com/id/1038271 https://access.redhat.com/errata/RHSA-2017:0907 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616 https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891 https://security.gentoo.org/glsa/201706-02 https://www.debian.org/security/2017/dsa-3793 https://access.redhat.com/security/cve/CVE-2017-2616 https://bugzilla.r • CWE-267: Privilege Defined With Unsafe Actions CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2016-2779
https://notcve.org/view.php?id=CVE-2016-2779
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. runuser en util-linux permite a usuarios locales escapar a la sesión principal a través de una llamada ioctl TIOCSTI manipulada, que empuja caracteres al búfer de entrada del terminal. • http://www.openwall.com/lists/oss-security/2016/02/27/1 http://www.openwall.com/lists/oss-security/2016/02/27/2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-5011 – util-linux: Extended partition loop in MBR partition table leads to DOS
https://notcve.org/view.php?id=CVE-2016-5011
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. La función parse_dos_extended en partitions/dos.c en la biblioteca libblkid en util-linux permite a atacantes físicamente próximos provocar una denegación de servicio (consumo de memoria) a través de una tabla de particiones MSDOS manipulada con un registro de arranque de partición extendida en desplazamiento cero. It was found that util-linux's libblkid library did not properly handle Extended Boot Record (EBR) partitions when reading MS-DOS partition tables. An attacker with physical USB access to a protected machine could insert a storage device with a specially crafted partition table that could, for example, trigger an infinite loop in systemd-udevd, resulting in a denial of service on that machine. • http://rhn.redhat.com/errata/RHSA-2016-2605.html http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543 http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801 http://www.openwall.com/lists/oss-security/2016/07/11/2 http://www.securityfocus.com/bid/91683 http://www.securitytracker.com/id/1036272 https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3 https://access.redhat.com/security/cve/CVE-2016-5011 https://bugzilla.redhat. •
CVE-2015-5218
https://notcve.org/view.php?id=CVE-2015-5218
Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. Desbordamiento de buffer en text-utils/colcrt.c en colcrt en util-linux en versiones anteriores a 2.27 permite a usuarios locales causar una denegación de servicio (caída) a través de un archivo manipulado, relacionado con la variable page global. • http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html http://www.spinics.net/lists/util-linux-ng/msg11873.html https://bugzilla.redhat.com/show_bug.cgi?id=1259322 https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8 https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-9114
https://notcve.org/view.php?id=CVE-2014-9114
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. Blkid en util-linux en versiones anteriores a 2.26rc-1 permite a usuarios locales ejecutar código arbitrario. • http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html http://www.openwall.com/lists/oss-security/2014/11/26/21 http://www.securityfocus.com/bid/71327 https://bugzilla.redhat.com/show_bug.cgi?id=1168485 https://exchange.xforce.ibmcloud.com/vulnerabilities/98993 https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •